WordPress Trac: Ticket #24025: Calling is_user_logged_in() causes the "wordpress_logged_in[HASH]" cookie to be set.
https://core.trac.wordpress.org/ticket/24025
<p>
While troubleshooting some malfunctioning plugins, I discovered the "is_user_logged_in()" function causes the "wordpress_logged_in[HASH]" cookie to be set. The "is_user_logged_in()" function calls the "wp_validate_auth_cookie()" function, as part of its processing, and it's "wp_validate_auth_cookie()" which actually sets the logged in cookie. I'm reporting this behavior as a bug in "is_user_logged_in()" because I think "is_user_logged_in()" should simply check to see if the current user is logged in or not and not cause any cookies or status to be set or changed.
</p>
<p>
This behavior caused the W3 Total Cache and Login Security Solution plugins to not properly function in my WordPress installation. The site in question has pages only and no blog. The custom theme being used called "is_user_logged_in()" to enable some links in the footer of the page if the current website visitor was logged in. Since my site has no blog, there would never be a case where a visitor would be "logged in" yet the call to "is_user_logged_in()" resulted in the "wordpress_logged_in[HASH]" cookie being set.
</p>
<p>
You can see some discussion I had with the author of the "Login Security Solution" plugin here:
</p>
<p>
<a class="ext-link" href="http://wordpress.org/support/topic/help-needed-with-login-security-solution-0340-problem">http://wordpress.org/support/topic/help-needed-with-login-security-solution-0340-problem</a>
</p>
<p>
Currently, my custom theme has the call to "is_user_logged_in()" commented out so I'm not experiencing the problem. I can enable this call to gather some debugging information, if necessary.
</p>
<p>
The way I found the issue was using the "Live HTTP Headers" Firefox plugin to monitor the HTTP traffic between my browser and the server, and I would see the "wordpress_logged_in[HASH]" cookie being referenced even though I had never logged in to WordPress at that point.
</p>
<p>
Please let me know if there's anything else I can do to gather information regarding this issue.
</p>
SergeyBiryukov, Wed, 10 Apr 2013 06:13:40 GMT: component changed; keywords set
https://core.trac.wordpress.org/ticket/24025#comment:1
<ul>
<li><strong>keywords</strong>
<em>reporter-feedback</em> added
</li>
<li><strong>component</strong>
changed from <em>General</em> to <em>Users</em>
</li>
</ul>
<p>
Could not reproduce on a clean install. My steps:
</p>
<ol><li>Log out. Clear the site cookies.
</li><li>Add <tt>echo is_user_logged_in();</tt> to theme's <tt>header.php</tt>.
</li><li>Visit the site. No new cookies are created.
</li></ol><p>
<tt>LOGGED_IN_COOKIE</tt> is only set in <tt>wp_set_auth_cookie()</tt>: <br />
<a class="ext-link" href="http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/pluggable.php#L640">http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/pluggable.php#L640</a>
</p>
<p>
By default, it's only called in <tt>wp_signon()</tt> and <tt>wp_update_user()</tt>: <br />
<a class="ext-link" href="http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/user.php#L63">http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/user.php#L63</a> <br />
<a class="ext-link" href="http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/user.php#L1480">http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/user.php#L1480</a>
</p>
<p>
Have you tested with all plugins disabled?
</p>
tomdkat, Wed, 10 Apr 2013 14:50:11 GMT
https://core.trac.wordpress.org/ticket/24025#comment:2
<p>
Thanks for the reply. Using your approach, I tried a different WordPress installation using the default theme and no plugins installed other than what comes with WordPress and what's activated by default. I was NOT able to recreate the problem. So, I went back to the site in question and deactivated all plugins and re-enabled the call to "is_user_logged_in()" and encountered the problem. I made sure to clear my browser cache and cookies before conducting all of my tests. I also captured the HTTP headers which show the cookie being set.
</p>
<pre class="wiki">http://mysite.com/mysite/
GET /mysite/ HTTP/1.1
Host: mysite.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.mysite.com/
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 10 Apr 2013 14:38:45 GMT
Server: Apache
X-Pingback: http://mysite.com/mysite/xmlrpc.php
Set-Cookie: wordpress_8d21f(snip); expires=Wed, 24-Apr-2013 14:38:45 GMT; path=/mysite/wp-content/plugins; httponly
Set-Cookie: wordpress_8d21f(snip); expires=Wed, 24-Apr-2013 14:38:45 GMT; path=/mysite/wp-admin; httponly
Set-Cookie: wordpress_logged_in_8d21f(snip); expires=Wed, 24-Apr-2013 14:38:45 GMT; path=/mysite/; httponly
Cache-Control: max-age=1209600
Expires: Wed, 24 Apr 2013 14:38:45 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1890
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
</pre><p>
So, it's got to be something local to my theme. This bug report can be closed. Sorry for wasting your time. :)
</p>
<p>
Thanks!
</p>
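<p>
The check done by eye on the header capture in the comment above, as an added example (not code from the ticket or from WordPress): it reports WordPress auth cookies set in reply to a request that sent no Cookie header, and whether that response also advertises a positive max-age. The capture, host and cookie values are constructed placeholders, and the name pattern assumes the default <tt>wordpress_</tt>, <tt>wordpress_sec_</tt> and <tt>wordpress_logged_in_</tt> prefixes followed by a hex hash.
</p>

```python
import re

# Constructed capture in the Live HTTP Headers layout used in the ticket;
# host, hash and cookie values are placeholders, not data from the report.
SAMPLE_CAPTURE = """\
GET /mysite/ HTTP/1.1
Host: example.test
Accept: text/html
HTTP/1.1 200 OK
Set-Cookie: wordpress_0123abcd=PLACEHOLDER; path=/mysite/wp-admin; httponly
Set-Cookie: wordpress_logged_in_0123abcd=PLACEHOLDER; path=/mysite/; httponly
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/mysite/
Cache-Control: max-age=1209600
"""

# Assumed name pattern: wordpress_<hash>, wordpress_sec_<hash>, wordpress_logged_in_<hash>
AUTH_COOKIE = re.compile(r"^wordpress_(logged_in_|sec_)?[0-9a-f]+$")


def split_exchange(capture):
    """Return (request_headers, response_headers) as lists of (name, value)."""
    request, response = [], []
    current = request
    for line in capture.splitlines():
        if line.startswith("HTTP/"):  # status line: response headers follow
            current = response
        elif ": " in line:
            name, value = line.split(": ", 1)
            current.append((name.lower(), value.strip()))
    return request, response


def find_anonymous_auth_cookies(capture):
    """List auth cookies set in reply to a request that sent no Cookie header."""
    request, response = split_exchange(capture)
    if any(name == "cookie" for name, _ in request):
        return []  # the visitor already held cookies: not the case in the ticket
    cache_control = " ".join(v.lower() for n, v in response if n == "cache-control")
    max_age = re.search(r"max-age=(\d+)", cache_control)
    cacheable = bool(max_age and int(max_age.group(1)) > 0
                     and not re.search(r"private|no-store|no-cache", cache_control))
    findings = []
    for value in (v for n, v in response if n == "set-cookie"):
        pair, *attrs = [part.strip() for part in value.split(";")]
        cookie_name = pair.split("=", 1)[0]
        if AUTH_COOKIE.match(cookie_name):
            path = next((a[5:] for a in attrs if a.lower().startswith("path=")), "/")
            findings.append({"cookie": cookie_name, "path": path, "cacheable": cacheable})
    return findings
```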
SergeyBiryukov, Wed, 10 Apr 2013 14:55:16 GMT: status changed; resolution set; keywords, milestone deleted
https://core.trac.wordpress.org/ticket/24025#comment:3
<ul>
<li><strong>keywords</strong>
<em>reporter-feedback</em> removed
</li>
<li><strong>status</strong>
changed from <em>new</em> to <em>closed</em>
</li>
<li><strong>resolution</strong>
set to <em>invalid</em>
</li>
<li><strong>milestone</strong>
<em>Awaiting Review</em> deleted
</li>
</ul>